| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-5611 | 7.5 |
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ
|
30-01-2021 - 02:37 | 30-01-2017 - 04:59 | |
| CVE-2017-1001000 | 5.0 |
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a re
|
03-10-2019 - 00:03 | 03-04-2017 - 01:59 | |
| CVE-2017-5610 | 5.0 |
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
|
19-03-2019 - 14:37 | 30-01-2017 - 04:59 | |
| CVE-2017-5612 | 4.3 |
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
|
19-03-2019 - 12:27 | 30-01-2017 - 04:59 |